Microsoft Windows 11 Version 22H2 vulnerabilities
1,775 known vulnerabilities affecting microsoft/windows_11_version_22h2.
Total CVEs
1,775
CISA KEV
72
actively exploited
Public exploits
32
Exploited in wild
54
Severity breakdown
CRITICAL42HIGH1246MEDIUM479LOW8
Vulnerabilities
Page 23 of 89
CVE-2025-24054MEDIUMCVSS 5.4KEVPoC≥ 10.0.22621.0, < 10.0.22621.50392025-03-11
CVE-2025-24054 [MEDIUM] CWE-73 CVE-2025-24054: External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spo
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2025-24992MEDIUMCVSS 5.5≥ 10.0.22621.0, < 10.0.22621.50392025-03-11
CVE-2025-24992 [MEDIUM] CWE-126 CVE-2025-24992: Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.
Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.
nvd
CVE-2025-24997MEDIUMCVSS 4.4≥ 10.0.22621.0, < 10.0.22621.50392025-03-11
CVE-2025-24997 [MEDIUM] CWE-476 CVE-2025-24997: Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service loca
Null pointer dereference in Windows Kernel Memory allows an authorized attacker to deny service locally.
nvd
CVE-2025-24987MEDIUMCVSS 6.8≥ 10.0.22621.0, < 10.0.22621.50392025-03-11
CVE-2025-24987 [MEDIUM] CWE-125 CVE-2025-24987: Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges w
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.
nvd
CVE-2025-21247MEDIUMCVSS 4.3≥ 10.0.22621.0, < 10.0.22621.50392025-03-11
CVE-2025-21247 [MEDIUM] CWE-41 CVE-2025-21247: Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to b
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
nvd
CVE-2025-24984MEDIUMCVSS 4.6KEV≥ 10.0.22621.0, < 10.0.22621.50392025-03-11
CVE-2025-24984 [MEDIUM] CWE-532 CVE-2025-24984: Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to
Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.
nvd
CVE-2025-24071MEDIUMCVSS 6.5PoC≥ 10.0.22621.0, < 10.0.22621.50392025-03-11
CVE-2025-24071 [MEDIUM] CWE-200 CVE-2025-24071: Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauth
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2025-24988MEDIUMCVSS 6.8≥ 10.0.22621.0, < 10.0.22621.50392025-03-11
CVE-2025-24988 [MEDIUM] CWE-125 CVE-2025-24988: Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges w
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.
nvd
CVE-2025-24996MEDIUMCVSS 6.5≥ 10.0.22621.0, < 10.0.22621.50392025-03-11
CVE-2025-24996 [MEDIUM] CWE-73 CVE-2025-24996: External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spo
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2025-21407HIGHCVSS 8.8≥ 10.0.22621.0, < 10.0.22621.48902025-02-11
CVE-2025-21407 [HIGH] CWE-122 CVE-2025-21407: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21359HIGHCVSS 7.8≥ 10.0.22621.0, < 10.0.22621.48902025-02-11
CVE-2025-21359 [HIGH] CWE-284 CVE-2025-21359: Windows Kernel Security Feature Bypass Vulnerability
Windows Kernel Security Feature Bypass Vulnerability
nvd
CVE-2025-21414HIGHCVSS 7.0≥ 10.0.22621.0, < 10.0.22621.48902025-02-11
CVE-2025-21414 [HIGH] CWE-122 CVE-2025-21414: Windows Core Messaging Elevation of Privileges Vulnerability
Windows Core Messaging Elevation of Privileges Vulnerability
nvd
CVE-2025-21367HIGHCVSS 7.8≥ 10.0.22621.0, < 10.0.22621.48902025-02-11
CVE-2025-21367 [HIGH] CWE-416 CVE-2025-21367: Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
nvd
CVE-2025-21369HIGHCVSS 8.8≥ 10.0.22621.0, < 10.0.22621.48902025-02-11
CVE-2025-21369 [HIGH] CWE-122 CVE-2025-21369: Microsoft Digest Authentication Remote Code Execution Vulnerability
Microsoft Digest Authentication Remote Code Execution Vulnerability
nvd
CVE-2025-21406HIGHCVSS 8.8≥ 10.0.22621.0, < 10.0.22621.48902025-02-11
CVE-2025-21406 [HIGH] CWE-416 CVE-2025-21406: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21373HIGHCVSS 7.8≥ 10.0.22621.0, < 10.0.22621.48902025-02-11
CVE-2025-21373 [HIGH] CWE-59 CVE-2025-21373: Windows Installer Elevation of Privilege Vulnerability
Windows Installer Elevation of Privilege Vulnerability
nvd
CVE-2025-21376HIGHCVSS 8.1≥ 10.0.22621.0, < 10.0.22621.48902025-02-11
CVE-2025-21376 [HIGH] CWE-122 CVE-2025-21376: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
nvd
CVE-2025-21368HIGHCVSS 8.8≥ 10.0.22621.0, < 10.0.22621.48902025-02-11
CVE-2025-21368 [HIGH] CWE-122 CVE-2025-21368: Microsoft Digest Authentication Remote Code Execution Vulnerability
Microsoft Digest Authentication Remote Code Execution Vulnerability
nvd
CVE-2025-21190HIGHCVSS 8.8≥ 10.0.22621.0, < 10.0.22621.48902025-02-11
CVE-2025-21190 [HIGH] CWE-122 CVE-2025-21190: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
nvd
CVE-2025-21358HIGHCVSS 7.8≥ 10.0.22621.0, < 10.0.22621.48902025-02-11
CVE-2025-21358 [HIGH] CWE-822 CVE-2025-21358: Windows Core Messaging Elevation of Privileges Vulnerability
Windows Core Messaging Elevation of Privileges Vulnerability
nvd